A global threat to financial institutions

Cobalt starting point

Countries affected by Cobalt

Countries affected by Carbanak and Cobalt

2014 2015 2016 2017

CarbanakCobalt

How it works

Carbanak / Cobalt

Spear-phishing emails are sent to bank employees to infect their machines

INFLATING ACCOUNT BALANCESThe criminal raises the balance of bank accounts and money mules withdraw the money at ATMs

DEVELOPMENTThe cybercriminal is the brains of the operation and develops the malware 1

INFILTRATION AND INFECTIONThe cybercriminal deploys the malware through the bank’s internal network, infecting the servers and controlling ATMs

2

HOW THE MONEY IS STOLEN

3

MONEY LAUNDERING

4

CONTROLLING ATMsThe criminal sends a command to specific ATMs to spit out cash and money mules collect the money

The stolen money is converted into cryptocurrencies

MONEY TRANSFERThe criminal transfers the money into their account or foreign bank accounts

Infected infrastructure

Bank employee